Security Alert

Students – Beware of Phishing Scams

During the summer months, many students receive phishing emails offering fake job and internship opportunities. The Office of Information Technology encourages students to be mindful of scams that pose as job offers. Review the red flags of phishing below to recognize any malicious emails in your Crimson inbox.

“Hackers know exactly what to say to get the attention of students,” said UA Chief Information Security Officer Ashley Ewing. “They often send students emails that say things about summer jobs or internships, because they know that’s what students are wanting to see in their inboxes.”

OIT urges students to understand and recognize the warning signs of a phishing email, so that students are able to decipher a real job offer from a phishing job offer.

  • Look at the “From” email address. Confirm that the @ address is the company that the sender says it is.
  • Hover over links to see the URL before you click.
  • Look for an official email signature.
  • If you didn’t apply for it, don’t open it.
  • Do not send sensitive data, like a social security number, over email.
  • Never provide financial information, like credit card numbers or bank account numbers, over email.

If students suspect they are a victim of a phishing attack, they are encouraged change their myBama password and to install DUO. For questions, please contact the IT Service Desk at 205-348-5555 with any questions.

Phishing Alert – June 21, 2018

Thursday, June 21, 2018, many UA students received a phishing email from the email address donarldjacksoncyberhost@gmail.com.

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Security Alert – Update Google Chrome

Multiple vulnerabilities have been discovered in the web browser Google Chrome. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. The most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.

All Google Chrome versions prior to 67.0.3396.62 are vulnerable and should be updated.  If you have any questions, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

May 14, 2018 Phishing Attempt

Monday, May 14, 2018, many UA employees received a phishing email with the subject title “[UA Course]: New Course”

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

phishing attempt

April 24, 2018 Phishing Attempt

Tuesday, April 24, 2018, many UA employees received a phishing email with the subject title “Della Lorenzen sent you “file 3231””

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

Phishing Attempt

April 23, 2018 Phishing Attempt

Monday, April 23, 2018, many UA employees received a phishing email with the subject title “Microsoft: Action Required”

This email is a phishing attempt designed to steal credentials such as a myBama username or password.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

Phishing attempt

Avoid Tax Identity Fraud

Tax season is upon us. February, March and April serve as the prime time for tax scammers to act as the IRS or other reputable institutions to attempt to steal your sensitive data.

The Associated Press reports that in the past five years there has been a 400 percent rise in tax scams. Since 2013, the IRS has seen over 5,000 victims pay over $26.5 million as a result of a scam.

Tax scams can originate over the phone or email. Scammers use technology to disguise a call using your local area code, so it’s not just 1-800 numbers anymore. Hackers may use urgent or threatening language such as “late payment” or “everything under your name will be seized unless you pay.”

If you receive a call like this, hang up. Do not trust the caller ID. If you have questions about a call, and believe that it might be real, call the IRS directly to confirm. Hackers communicate via email, but the IRS does not. The IRS only sends postal mail. Hackers regularly pose as the IRS or DocuSign to attempt to get users to click on a link in an email to provide sensitive data. Do not ever submit personal information via email, and if you do receive an email like this, delete it.

If you do provide sensitive information over the phone or through email, please contact your local authorities. The IRS works aggressively to prevent and detect tax-related identity theft. Visit irs.gov for more information. OIT also warns UA employees of known phishing attempts. Always check oit.ua.edu/news for updates and phishing attempt alerts.

Feb. 10 Phishing Attempt

Saturday, Feb. 10, 2018, many UA employees received a phishing email with the subject title “UA” “Help Desk” “IT Help Desk” or “IT”

These emails are phishing attempts designed to steal credentials such as myBama usernames or passwords.  If you haven’t already, please delete the email. Additionally, if you are not a DUO user, please activate your DUO account at duo.ua.edu.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

Feb. 10 screenshot

Jan. 30, 2018 Student Phishing Attempt

Tuesday, Jan. 30, 2018, many UA students received a phishing email with the subject title “STUDENT PART-TIME WORK”

This is a phishing attempt designed to obtain sensitive financial data by attracting students with the prospect of a part time job. If you haven’t already, please delete the email.

If you did receive this email, and you did provide any sensitive information, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu. Below is a screenshot of the phishing email.

Phishing Attempt Screenshot

Keep Your DUO App Up to Date

Beginning April 1, 2018, DUO will no longer provide support for DUO mobile applications iOS 9 and Android 5. Both of these older OS versions are officially unsupported by Apple and Google. Devices using these older app versions will still continue to function, DUO will just no longer provide customer support for them. OIT encourages users to always update your app and OS to the newest available version to ensure you have the most secure and reliable version available.